Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ccatLgZqkUhnJrWEtfx8qk2fULI.roa
File: ccatLgZqkUhnJrWEtfx8qk2fULI.roa (raw, json)
Hash identifier: a2fZSxCFwMtK1fYJFikpSOf82jrJTKt/IOOIOeSOlIo=
Subject key identifier: 71:C6:AD:2E:06:6A:91:48:67:26:B5:84:B5:FC:7C:AA:4D:9F:50:B2
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01880E8B9C716BE134D5729AEEA67A137F3F
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ccatLgZqkUhnJrWEtfx8qk2fULI.roa
Signing time: Fri 12 May 2023 06:00:10 +0000
ROA not before: Fri 12 May 2023 06:00:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 91.213.186.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0e:8b:9c:71:6b:e1:34:d5:72:9a:ee:a6:7a:13:7f:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: May 12 06:00:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=71c6ad2e066a91486726b584b5fc7caa4d9f50b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:4d:b5:1a:6c:c0:02:f5:46:a6:d8:26:f8:46:
ac:e5:77:81:8e:8d:80:1e:db:bc:49:f9:d1:99:63:
59:0c:7b:de:f7:6b:af:f3:55:13:ba:b5:34:91:3d:
1c:8e:1e:fc:3c:f6:6a:07:b1:db:bb:34:37:2c:e7:
2e:8e:28:54:7a:8f:84:fd:98:68:99:b2:34:b2:20:
1c:33:75:d8:98:2f:46:c8:6a:d4:be:8d:19:1f:34:
39:a0:0f:f6:f4:bf:7d:b5:b5:d0:ed:09:d5:71:71:
23:2c:71:14:bd:01:d5:c8:00:71:de:66:2f:5c:68:
4d:6f:66:61:35:a9:c6:b0:e6:86:5f:c3:78:24:5d:
e3:00:43:4d:34:ab:95:f9:ca:a4:c8:79:e0:3a:02:
bd:32:e5:14:49:6d:cc:94:ee:74:e8:57:0a:f8:57:
88:96:b3:46:37:e2:e7:b0:a2:7e:42:41:f4:0d:2c:
e3:7d:26:69:8b:4d:4c:de:b0:c2:87:fe:af:2d:eb:
96:d2:78:18:90:40:09:b9:9c:45:94:bd:80:a9:46:
da:4c:30:c7:cc:bf:36:7f:c9:dc:c7:db:7e:3a:1e:
59:cb:dc:64:42:c7:4f:fe:19:c9:22:ff:43:d0:bf:
fb:4b:eb:c3:3c:9f:f6:c3:81:92:67:16:3f:8e:b6:
1e:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:C6:AD:2E:06:6A:91:48:67:26:B5:84:B5:FC:7C:AA:4D:9F:50:B2
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ccatLgZqkUhnJrWEtfx8qk2fULI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.186.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:c7:cb:59:30:7e:d1:a1:2e:65:e5:13:9a:a8:f5:ae:39:d9:
da:ec:64:fe:fc:00:9a:b9:14:38:e4:30:10:68:a0:34:a8:91:
cb:db:d9:6b:9c:f1:fd:a7:b5:4c:a9:00:37:d5:58:96:7f:6a:
3b:26:af:50:25:eb:cc:e9:d4:d0:28:5c:c4:e6:c1:aa:40:fc:
64:71:e7:b9:5f:3a:9c:03:2a:a5:dd:81:04:74:c7:16:e8:17:
06:ca:a9:88:25:3d:ce:50:86:56:ea:e6:09:f1:20:e0:d9:03:
df:cb:0a:49:3f:03:4a:e5:e2:ce:a6:cd:c4:02:8a:4f:4f:54:
cf:b4:cf:3f:21:6d:e5:19:0c:a1:d5:82:f1:32:ab:70:ef:d4:
e3:5e:1d:12:8c:ec:e3:54:83:c8:15:78:7d:65:28:dc:8d:a8:
0d:99:e0:34:41:d7:02:05:25:7b:bb:af:79:7a:ad:de:8e:8c:
9b:f3:6d:f7:b7:bd:12:b6:9d:51:e3:ed:cd:db:23:16:40:20:
32:72:8b:87:fe:5a:07:38:bd:8e:bf:a0:bd:1f:ec:cf:7d:6e:
b4:91:e0:60:b0:5f:8d:49:27:f4:80:76:93:aa:e8:21:23:4d:
29:16:8b:52:d7:aa:61:96:2e:7a:91:bf:43:04:da:8d:54:bb:
be:3f:c2:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgOi5xxa+E01XKa7qZ6E38/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNTEyMDYwMDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWM2YWQyZTA2NmE5MTQ4NjcyNmI1ODRiNWZjN2NhYTRkOWY1MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk21GmzAAvVGptgm+Eas5XeBjo2A
Htu8SfnRmWNZDHve92uv81UTurU0kT0cjh78PPZqB7HbuzQ3LOcujihUeo+E/Zho
mbI0siAcM3XYmC9GyGrUvo0ZHzQ5oA/29L99tbXQ7QnVcXEjLHEUvQHVyABx3mYv
XGhNb2ZhNanGsOaGX8N4JF3jAENNNKuV+cqkyHngOgK9MuUUSW3MlO506FcK+FeI
lrNGN+LnsKJ+QkH0DSzjfSZpi01M3rDCh/6vLeuW0ngYkEAJuZxFlL2AqUbaTDDH
zL82f8ncx9t+Oh5Zy9xkQsdP/hnJIv9D0L/7S+vDPJ/2w4GSZxY/jrYezQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHHGrS4GapFIZya1hLX8fKpNn1CyMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvY2NhdExnWnFrVWhuSnJXRXRmeDhxazJmVUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9W6AwQA
W9XIAwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQCsx8tZMH7RoS5l5ROaqPWuOdna
7GT+/ACauRQ45DAQaKA0qJHL29lrnPH9p7VMqQA31ViWf2o7Jq9QJevM6dTQKFzE
5sGqQPxkcee5XzqcAyql3YEEdMcW6BcGyqmIJT3OUIZW6uYJ8SDg2QPfywpJPwNK
5eLOps3EAopPT1TPtM8/IW3lGQyh1YLxMqtw79TjXh0SjOzjVIPIFXh9ZSjcjagN
meA0QdcCBSV7u695eq3ejoyb8233t70Stp1R4+3N2yMWQCAycouH/loHOL2Ov6C9
H+zPfW60keBgsF+NSSf0gHaTqughI00pFotS16phli56kb9DBNqNVLu+P8Jv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org